
Dark Reading is part of the Informa Tech Division of Informa PLC


Application Security

News & Commentary
Google Lets iPhone Users Turn Device into Security Key
Kelly Sheridan, Staff Editor, Dark Reading | News
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2020
Why Firewalls Aren't Going Anywhere
Ruvi Kitov, Chairman, CEO and Co-Founder, Tufin | Commentary
Written off multiple times as obsolete, firewalls continue to elude demise by adding features and ensuring that VPNs keep humming.
By Ruvi Kitov Chairman, CEO and Co-Founder, Tufin, 1/15/2020
ISACs Join Forces to Secure the Travel Industry
Dark Reading Staff, Quick Hits
Together, the Travel & Hospitality ISAC and the Retail & Hospitality ISAC intend to improve communications and collaboration about the evolving threat landscape.
By Dark Reading Staff, 1/15/2020
Microsoft Patches Windows Vuln Discovered by the NSA
Kelly Sheridan, Staff Editor, Dark Reading | News
The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.
By Kelly Sheridan Staff Editor, Dark Reading, 1/14/2020
'Fancy Bear' Targets Ukrainian Oil Firm Burisma in Phishing Attack
Dark Reading Staff, Quick Hits
The oil & gas company is at the heart of the ongoing US presidential impeachment case.
By Dark Reading Staff, 1/14/2020
Processor Vulnerabilities Put Virtual Workloads at Risk
Marc Laliberte, Senior Security Analyst, WatchGuard Technologies | Commentary
Meltdown, Spectre exploits will likely lead to customers making tradeoffs between performance and security of applications, especially virtual and cloud-based apps
By Marc Laliberte Senior Security Analyst, WatchGuard Technologies, 1/14/2020
How to Keep Security on Life Support After Software End-of-Life
Joan Goodchild, Contributing Writer
It's the end of support this week for Windows 7 and Server 2008. But what if you truly can't migrate off software, even after security updates stop coming?
By Joan Goodchild Contributing Writer, 1/14/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading | News
Windows 7 and Server 2008 will continue to work after Jan. 14, 2020, but will no longer receive security updates.
By Kelly Sheridan Staff Editor, Dark Reading, 1/13/2020
Website Collecting Australian Fire Donations Hit by Magecart
Dark Reading Staff, Quick Hits
The attack may have compromised donors' payment information.
By Dark Reading Staff, 1/13/2020
Synopsys Buys Tinfoil
Dark Reading Staff, Quick Hits
Tinfoil Security's dynamic application and API security testing capabilities will be added to Synopsys Software Integrity Group.
By Dark Reading Staff, 1/10/2020
Chinese Malware Found Preinstalled on US Government-Funded Phones
Kelly Sheridan, Staff Editor, Dark Reading | News
Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.
By Kelly Sheridan Staff Editor, Dark Reading, 1/9/2020
AWS Issues 'Urgent' Warning for Database Users to Update Certs
Dark Reading Staff, Quick Hits
Users of AWS Aurora, DocumentDB, and RDS databases must download and install a fresh certificate and rotate the certificate authority.
By Dark Reading Staff, 1/9/2020
Developers Still Don't Properly Handle Sensitive Data
Robert Lemos, Contributing Writer | News
The top classes of vulnerabilities for 2019 indicate that developers still don't correctly sanitize inputs, nor protect passwords and keys as they should.
By Robert Lemos Contributing Writer, 1/8/2020
Google's Project Zero Policy Change Mandates 90-Day Disclosure
Dark Reading Staff, Quick Hits
The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.
By Dark Reading Staff, 1/8/2020
TikTok Bugs Put Users' Videos, Personal Data At Risk
Kelly Sheridan, Staff Editor, Dark Reading | News
Researchers found it was possible to spoof SMS messages from TikTok and exploit an API flaw that could grant access to users' personal data.
By Kelly Sheridan Staff Editor, Dark Reading, 1/8/2020
In App Development, Does No-Code Mean No Security?
Curtis Franklin Jr., Senior Editor at Dark Reading
No-code and low-code development platforms are part of application development, but there are keys to making sure that they don't leave security behind with traditional coding.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/8/2020
The Discovery and Implications of 'MDB Leaker'
Kelly Sheridan, Staff Editor, Dark Reading | News
The "MDB Leaker" vulnerability in the Microsoft Access Database could lead to a memory leak if left unpatched.
By Kelly Sheridan Staff Editor, Dark Reading, 1/7/2020
Accenture to Buy Symantec's Cyber Security Services
Dark Reading Staff, Quick Hits
The purchase, for an undisclosed amount, is scheduled to close in March.
By Dark Reading Staff, 1/7/2020
New Standards Set to Reshape Future of Email Security
Seth Blank, Director of Industry Initiatives, Valimail | Commentary
Emerging specs and protocols expected to make the simple act of opening an email a less risky proposition
By Seth Blank Director of Industry Initiatives, Valimail, 1/7/2020
Malicious Google Play Apps Linked to SideWinder APT
Kelly Sheridan, Staff Editor, Dark Reading | News
The active attack involving three malicious Android applications is the first exploiting CVE-2019-2215, Trend Micro researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 1/6/2020
Major Brazilian Bank Tests Homomorphic Encryption on Financial Data
Kelly Sheridan, Staff Editor, Dark Reading, 1/10/2020
7 Free Tools for Better Visibility Into Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading, 1/9/2020
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse.
Flash Poll
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

PUBLISHED: 2020-01-16
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.

PUBLISHED: 2020-01-16
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.

PUBLISHED: 2020-01-16
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.

PUBLISHED: 2020-01-16
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.

PUBLISHED: 2020-01-16
async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.